package com.gxa.controller;

import com.gxa.common.Result;
import com.gxa.common.annotation.RequirePermission;
import com.gxa.common.util.JwtUtil;
import com.gxa.domain.entity.Permission;
import com.gxa.service.PermissionService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import lombok.RequiredArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.web.bind.annotation.*;

import jakarta.servlet.http.HttpServletRequest;
import java.util.List;

/**
 * 权限管理控制器
 */
@Tag(name = "权限管理", description = "权限信息管理相关接口")
@RestController
@RequestMapping("/permission")
@RequiredArgsConstructor
@Slf4j
public class PermissionController {

    private final PermissionService permissionService;
    private final JwtUtil jwtUtil;

    @Operation(summary = "获取当前用户权限列表")
    @GetMapping("/current")
    public Result<List<Permission>> getCurrentUserPermissions(HttpServletRequest request) {
        try {
            // 从请求头获取token
            String token = request.getHeader("token");
            if (token == null || token.trim().isEmpty()) {
                return Result.error(401, "未登录或token已过期");
            }

            // 验证token
            if (!jwtUtil.validateToken(token)) {
                return Result.error(401, "token无效或已过期");
            }

            // 获取操作员等级
            Integer operatorLevel = jwtUtil.getOperatorLevelFromToken(token);
            if (operatorLevel == null) {
                return Result.error(401, "token信息不完整");
            }

            // 获取权限列表
            List<Permission> permissions = permissionService.getPermissionsByOperatorLevel(operatorLevel);
            log.info("用户操作员等级 {} 获取权限列表成功，权限数量: {}", operatorLevel, permissions.size());
            
            return Result.success(permissions);
        } catch (Exception e) {
            log.error("获取当前用户权限列表失败", e);
            return Result.error(500, "获取权限列表失败：" + e.getMessage());
        }
    }

    @Operation(summary = "检查用户是否有指定权限")
    @GetMapping("/check/{permissionName}")
    public Result<Boolean> checkPermission(@PathVariable String permissionName, HttpServletRequest request) {
        try {
            // 从请求头获取token
            String token = request.getHeader("token");
            if (token == null || token.trim().isEmpty()) {
                return Result.error(401, "未登录或token已过期");
            }

            // 验证token
            if (!jwtUtil.validateToken(token)) {
                return Result.error(401, "token无效或已过期");
            }

            // 获取操作员等级
            Integer operatorLevel = jwtUtil.getOperatorLevelFromToken(token);
            if (operatorLevel == null) {
                return Result.error(401, "token信息不完整");
            }

            // 检查权限
            boolean hasPermission = permissionService.hasPermission(operatorLevel, permissionName);
            log.info("用户操作员等级 {} 权限 {} 检查结果: {}", operatorLevel, permissionName, hasPermission);
            
            return Result.success(hasPermission);
        } catch (Exception e) {
            log.error("检查用户权限失败", e);
            return Result.error(500, "检查权限失败：" + e.getMessage());
        }
    }

    @Operation(summary = "获取所有权限列表")
    @RequirePermission("基础数据维护")
    @GetMapping("/all")
    public Result<List<Permission>> getAllPermissions() {
        try {
            // 这里需要实现获取所有权限的方法
            // 暂时返回空列表，后续可以扩展
            return Result.success(List.of());
        } catch (Exception e) {
            log.error("获取所有权限列表失败", e);
            return Result.error(500, "获取权限列表失败：" + e.getMessage());
        }
    }
} 